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DETAILED ACTION 



1. 



The Office Action is responsive to the communication filed on 02/17/2009. 



2. 



Claims 1-8, 23-29, and 35-41 are pending. 



Claim Rejections - 35 USC §103 



3. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. The factual inquiries set forth in Graham v. John Deere Co. , 383 U.S. 1 , 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 



5. Claims 1,3-4, 6-7, 23, 25, 28, 36-37, 39-40 are rejected under 35 U.S.C. 103 (a) as being 
unpatentable over Raciborski et al. (USPN 20050132083) in view over Maclnnis (USPN 
20030028899). 



receiving, at a server, a request from a client to take an action with respect to an electronic 



or nonobviousness. 



6. 



As per claim 1, Raciborski et al. teaches a method comprising: 



document ([ABSTRACT], [0028]) 
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retrieving a document identifier fi-om the request ([0028], [0032] e.g., customized XML); 
determining whether user authentication is needed based on the document identifier and the 
action ([0020], [0036]) 

Raciborski et al. teaches a specified authentication procedure ([0033] e.g., download manager 
software (e.g., procedure) is compiled after content objects are requested) but does not teach 
sending information specifying an acceptable authentication procedure. Maclnnis teaches 
sending information specifying an acceptable authentication procedure ([ABSTRACT], [0012] 
e.g., descriptor information, i.e., information regarding an acceptable procedure. The Examiner's 
position is that a) a download manager is compiled and available to a client and b) before 
downloading a particular manager, descriptive information is provided to the client such that the 
best 'module version,' i.e., download manager, is available to the client. See discussion below for 
reasoning.) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to modify Raciborski et al. to include descriptor information sent to the client such 
that the client could choose the 'best' module, as taught by Maclnnis. Raciborski et al. teaches 
multiple, available versions of a download manager ([0033]). MAcInnis teaches enabling the 
client to select the best 'module version.' Since enabling the client to select the best and most 
often compatible version based on chent capabilities, it would have been obvious to send 
descriptive information about the manager program, i.e., authentication procedure, to ensure a 
compatible program |program version is downloaded and installed) 

Maclnnis teaches receiving an authentication procedure update request ([0012] e.g., it is 
interpreted that as authoring sources generate module versions, new versions become available to 
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the client. A client would select a new version, i.e., authentication procedure update request) in 
response to the client processing of the information specifying an acceptable authentication 
procedure (e.g., when new versions are available, the client could review and install these 
versions after receiving the descriptor list, i.e., processing information. After processing the 
information, the chent could request the new version, i.e., authentication procedure update) but 
does not teach the request for information, i.e., descriptors, is initiated by the client. Maclnnis 
teaches a client initiating the request for updates ([0007] e.g., the Examiner's position the 
aforementioned steps could be initiated by the client simply by communicating a need for 
updates to the server. From this point, the server would then send the client the descriptor list) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to enable a client to request an updated procedure. Maclnnis teaches that new 
versions are made available to the client, which would be unknown to the client. Maclnnis, as 
modified, teaches that a client would make a request for new versions. Maclnnis, as modified, 
teaches that in response a descriptor list would be sent to the client showing the client the 
available versions, and fi-om which a client may select the best version. In effect, in response to 
the client processing the available list, i.e., information specifying an acceptable authentication 
procedure, the client would receive an updated version of a program. 

Raciborski et al teaches obtaining, at the server and in response to the authentication 
procedure update request, a software program comprising instructions operable to cause one or 
more data processing apparatus to perform operations effecting the authentication procedure 
([0033] e.g., a download manager, i.e., software program, is selected as the best module available 
in response to the client processing descriptor lists, i.e., information specifying an acceptable 
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authentication procedure, which performs user authentication, i.e., operations effecting the 
authentication procedure. It is interpreted that the download manager, i.e., authentication 
manager, comprises instructions to effect authentication, i.e., operations effecting (e.g., realizing) 
the authentication procedure); and 

sending the software program to the client for use in identifying a current user and controlling 
the action with respect to the electronic document based on the current user and document- 
permissions information associated with the electronic document ([0032], [0033], [0035] e.g., 
downloading manager software) 

7. As per claim 3, teaches receiving, at a se Raciborski et al. teaches a method comprising: 

receiving, at a server, a request from a client to take an action with respect to an electronic 
document ([ABSTRACT], [0028]) 

obtaining, at the server and in response to the authentication procedure update request, a 
software program comprising instructions operable to cause one or more data processing 
apparatus to perform operations effecting the authentication procedure ([0033] e.g., a download 
manager, i.e., software program, is selected as the best module available in response to the client 
processing descriptor lists, i.e., information specifying an acceptable authentication procedure, 
which performs user authentication, i.e., operations effecting the authentication procedure. It is 
interpreted that the download manager, i.e., authentication manager, comprises instructions to 
effect authentication, i.e., operations effecting (e.g., realizing) the authentication procedure 

sending the software program to the client for use in identifying a current user and 
controlling the action with respect to the electronic document based on the current user and 
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document-permissions information associated with the electronic document ([0032], [0033], 
[0035] e.g., downloading manager software; 

receiving an updated authentication procedure (e.g., Raciborski et al. as modified by 
Maclnnis, teaches where the program would have authoring sources generating new modules 
([0012] e.g., updated authentication procedure. It is interpreted that a new version, as generated, 
is an updated authentication procedure because a download program is a procedure to 
authenticate a user) 

receiving a subsequent request fi-om the client to take the action with respect to the electronic 
document (e.g., as modified, supra claim 1, a client would make a request for a newer version. 
This solves the pertinent problem of ensuring that the client is always up to date); 

obtaining, at the server and in response to the request, a new software program comprising 
instructions operable to cause one or more data processing apparatus to perform operations 
effecting the updated authentication procedure (e.g., supra claim 1, where a new version is made 
available, the client receives the available versions prior to downloading (e.g., descriptor list), 
and subsequently the client would install the new program. The Examiner's position is that as 
new modules become available, a client could initiate a check to see whether a new module is 
available, in response the client would receive a descriptor list showing the available versions, 
and in response select the best module); 

sending the new software program to the client for use in identifying the current user and 
controlling the action with respect to the electronic document based on the current user and the 
document-permissions information associated with the electronic document ([0033] e.g., as 



Application/Control Number: 1 0/699, 1 65 Page 7 

Art Unit: 2121 

modified, supra claim 1 discussion, new versions are made available, i.e., new software program, 
for subsequent installation) 

8. As per claim 23, Raciborski et al., as modified, teaches a system comprising: 

a client that sends an authentication procedure update request to a server in 
response to client processing of information received from the server (e.g., supra claim 1 
discussion. In response to the client processing available versions, i.e., descriptor list, the client 
would request a newer version of software based on the received descriptor list. The initial 
request could be initiated by the client such that following the request for newer versions, the 
client would process the descriptor hst, and then request a newer version. The initial client 
request is simply for checking for new versions. Following this initial request, the client can 
request an actual version, i.e., requesting authentication procedure update based on the received 
descriptor list) 

wherein the information received from the server specifies one or more acceptable 
authentication procedures (e.g., descriptor list. As modified, the descriptor list would include the 
available versions of a download manager) 

the server that receives the authentication procedure update request, and in response to the 
client, the server obtains and sends a software program comprising instructions operable to cause 
one or more data processing apparatus to perform operations effecting an authentication 
procedure (e.g., supra claim 1, where the server has multiple versions of modules, in response to 
the client needing software, the server sends the descriptor list to the client, the client can then 
make a request for a new version of software, and the server will send the software to the client); 
and 
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wherein the client uses the software program to identify the current user and control an action 
with respect to an electronic document based on the current user and document-permissions 
information associated with the electronic document, and wherein the action comprises an action 
taken with respect to the electronic document subsequent to opening the electronic document at 
the client ([0041], [0043], [Figure 4D] e.g., supra claim 1 discussion) 

9. As per claim 25 Rociborski et al. teaches the system of claim 23, wherein the client 
includes a security handler that provides a server-communication interface to the software 
program ([0020] e.g., transaction session identifier) 

10. As per claim 36, teaches the system of claim 23, Raciborski et al., as modified, teaches 
wherein the server receives a subsequent request from the client to take action with respect to the 
electronic document ([0045] e.g., downloads implies that more than one request can be made) 
but Raciborski et al. does not teach obtaining, in response to the subsequent request, a new 
authentication process, and sends the new authentication process to the client for use in 
identifying the current user and controlling the action with respect to the electronic document 
based on the current user and the document permissions information associated with the 
electronic document. Maclnnis teaches checking for new versions and enabling the client to 
continuously be updated with versions 

Therefore, it would have been obvious to one of ordinary skill in the art to have provided a 
client with an updated authentication program if a newer version was available at the time of 
communication. It is foreseeable that newer versions are made available, these versions may be 
made available in response to a client seeking an update, a server informing the client of an 
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update, and or when a client communicates with the server (e.g., as in the case of requesting 
downloads). 

11. As per claims 4 and 37, Raciborski et al. teaches software program uses an existing 
interface provided by the client to communicate authentication information to the server ([FIG 
2A-208]) 

12. Claims 5, 26, and 38 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Raciborski et al. (USPN 20050132083) in view over Maclnnis (USPN 20030028899) and in 
further view over Hu (USPN 5586260) 

13. As per claims 5, 26, and 38, Raciborski et al. teaches receiving credentials information 
from the client derived at least in part based on input obtained by the client using the software 
program ([0041], [0043] e.g., passwords) but does not teach conmiunicating with a third part 
authentication server to authenticate the current user based on the credentials information. Hu 
teaches a third party authentication server ([ABSTRACT]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to implement a third party authentication server as taught by Hu et al. Hu teaches a 
method for authenticating a client for a server. Raciborski teaches a system for authenticating a 
user/client to enable access to content stored on a server. Since a third party authentication 
server provides a well known means in which to maintain, store, and retrieve credentials, it 
would have been advantageous to provide this server as an additional means, in effect providing 
both redundancy in addition to reducing load on the primary server. 

14. As per claims 6 and 39 Rociborski et al. teaches the method of claim 5, wherein the input 
obtained by the client comprises text input ([0041], [0043] e.g., password). 
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15. As per claims 7 and 40, Rociborski et al. teaches the method of claim 5, wherein the 
input obtained by the client comprises biometric data ([0043] e.g., biometric authentication) 

16. Claims 8, 27, 38, and 41 are rejected over Raciborski et al. (USPN 20050132083) in view 
of Heath et al. (USPN 6006034) and in further view of Hu (USPN 5586260). 

17. As per claims 8,27, 38, and 41, Raciborski et al. teaches receiving input from a client 
using the software ([0041], [0043]) e.g., password). It does not teach receiving an authentication 
receipt from a third party authentication server based on input obtained by the client using the 
software. Hu teaches returning an access key from an authentication gateway acting as a proxy 
server to the client, i.e., receipt, based on credentials ([ABSTRACT], [COL 1 lines 58-63] e.g., 
receiving an authentication receipt from a third party authentication server) and verifying the 
current user with the third party authentication server using the authentication receipt ([COL 1 
lines 18-20], lines 59-63], [ABSTRACT] e.g., authenticating a client) 

Therefore, at the time the invention was made, it would have been obvious to have provided a 
means in which to authenticate a client via saving security credentials,. Raciborski et al. teaches 
authenticating a user via credentials as to enable access to content on a server. Hu et al. teaches 
saving security credentials for later use and generating an access key for their retrieval and 
passing the access key to the client. In effect, saving the security credentials for later use and 
providing an access key for their retrieval obviates the need for repeated authentication. As a 
result, the system is further optimized and limits redundant authentication procedures. 

18. As per claim 28, Raciborski et al., as modified, teaches a server comprising: 
a server core with configuration and logging components ([0029]) 
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an internal services component that provides functionality across dynamically loaded 
methods ([0029] e.g., web page) 

dynamically loaded external services providers, including an authentication service 
provide ( supra Hu for authentication server - ABSTRACT) 

19. Claim 29 is rejected under 35 U.S.C. 103 (a) as being unpatentable over Raciborski et al. 
(USPN 20050132083) in view over Maclnnis (USPN 20030028899) and in further view over 
TenerelUo (USPN 7233981) 

20. As per claim 29, Raciborski et al. teaches a business logic tier comprising a cluster of 
document control servers ([0029] e.g. content delivery networks); an application tier including 
the client comprising a viewer client, a securing client, and an administration client ([FIG 1-FlG 
2A - client computer functions via providing a view - browser, securing - downloading the 
manager (securing a program), and administration (storage media)). However, Racoborski et al. 
does not teach a load balancer that routes client requests to the document control server. 
Tenerello teaches a system and method for load balancing ([COL 1 lines 14-20], [COL 2 lines 
63-67]) 

Therefore, at the time the invention was made, one of ordinary skill would have motivation 
to load balance a system. Raciborski et al. teaches that various user computers may access 
content objects ([0029]) Tenerello teaches a load balancing means in which multiple requests 
may be efficiently processed. Since load balancing increases performance of a system, it would 
have been obvious to have enabled a system employing multiple user computers, each requesting 
access to a resource, a means to load balance the requests as to optimize the system. 
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21. Claims 2, 24, and 35 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Raciborski et al. (USPN 20050132083) in view over Maclnnis (USPN 20030028899) and in 
further view over Kano et al. (USPN 20030135650) 

22. As per claims 2, 24, and 35, Raciborski et al. does not teach a second server providing the 
software program. Kano et al. teaches a backup server ([ABSTRACT]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to include a backup server as a means of providing redundancy. In the event of a 
failure of the primary server, it would have been beneficial to utilize a backup server as a means 
of distributing the software program, modules, and versions as they become available. 

Conclusion 

23 . The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

6963971 

6950935 

7062765 

7140012 

20020144257 

20040059590 

20040117664 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARRIN DUNN whose telephone number is (571)270-1645. 
The examiner can normally be reached on EST:M-R(8:00-5:00) 9/5/4. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert DeCady can be reached on (571) 272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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